{"id":8954,"date":"2017-08-28T10:10:16","date_gmt":"2017-08-28T18:10:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/28\/news-2727\/"},"modified":"2017-08-28T10:10:16","modified_gmt":"2017-08-28T18:10:16","slug":"news-2727","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/08\/28\/news-2727\/","title":{"rendered":"Mobile Menace Monday: Implications of Google Play Protect"},"content":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Mon, 28 Aug 2017 17:00:21 +0000<\/strong><\/p>\n<p>Along with the recent release of Google\u2019s new OS, Android 8.0 Oreo, they also released a new security suite known as <a href=\"https:\/\/www.android.com\/play-protect\/\" rel=\"noopener\">Google Play Protect<\/a>. As blogged about in July in <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2017\/07\/play-protect-androids-new-security-system-is-now-available\/\" rel=\"noopener\">Play Protect: Android\u2019s new security system is now available<\/a>, this new suite has been available since mid-May.<\/p>\n<h3>To reiterate<\/h3>\n<p>As noted in our July blog, the new <a href=\"https:\/\/support.google.com\/android\/answer\/6160491?hl=en-GB\" rel=\"noopener\">Find My Phone<\/a> does exactly what the name implies. You can also lock the phone remotely, display a message on the phone, call the phone through a browser, or even erase all the data on the phone with this feature. I personally hope this will help alleviate the use of <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2016\/10\/mobile-menace-monday-beware-of-monitoring-apps\/\" rel=\"noopener\">shady monitoring apps<\/a>. There is also Google\u2019s <a href=\"https:\/\/developers.google.com\/safe-browsing\/\" rel=\"noopener\">Safe Browsing<\/a> that stops you before you proceed to an unsafe site via Chrome. 
This feature has been around for a while.<\/p>\n<h3>50 billion apps, oh my!<\/h3>\n<p>Of most interest in Google\u2019s security suite is its new scanning capabilities. Google boasts it can scan 50 billion apps daily, and uses <a href=\"https:\/\/en.wikipedia.org\/wiki\/Machine_learning\" rel=\"noopener\">machine learning<\/a> to weed out the bad stuff. For quite some time, Google has been vetting apps before allowing them in the Google Play Store. Until now, they had no way to verify that the apps stayed vetted after install. This new capability allows Google to scan apps after installation, as well. Not only does it scan apps installed from Google Play, but it also scans apps installed from third-party sites.<\/p>\n<p>The ability to scan apps after install will aid in detecting apps that are set to hide their malicious activity for a set amount of time or after an update \u2014 i.e., a malicious app may wait a week before doing anything malicious to hide its presence from malware researchers and scanners. Google claims that if an app that was once acting safely is suddenly doing something malicious, it will flag it.<\/p>\n<h3>This machine learning you talk about\u2026<\/h3>\n<p>The use of machine learning to detect malware is far from a new concept. Regarding malware detection, it typically works by pooling things into two groups \u2014 a good group and a bad group. It then learns every trait it can about each group. If anything looks out of the ordinary from the good group and\/or displays traits from the bad group, it&#8217;s flagged.<\/p>\n<p>I can only assume Google is using anything on Google Play, that per Google \u201cundergo rigorous security testing,\u201d to pool in the good group. If the trait of the app changes from when it was verified to get into Google Play \u2014 <em>bam, it\u2019s flagged!<\/em><\/p>\n<h3>Grey is the new black<\/h3>\n<p>This all sounds great, but malware authors are already ahead of the curve. 
We have seen the rise of apps that lie in the \u201cgray\u201d area, better known as Potentially Unwanted Programs (PUPs). Rather than making obviously malicious (black) apps, malware authors are creating apps that are rather questionable.<\/p>\n<p>Most come in the form of a PUP subcategory known as <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/adware\/\">adware<\/a>. Ads aren\u2019t inherently malicious, and many apps from the Google Play Store have ads to keep the apps free. There\u2019s a thin line between a good ad and what we call adware. If the ad behavior starts acting overly aggressive or does something out of line like collecting overly personal information, it&#8217;s considered adware. The uncertainty of whether an ad is good or not can mean adware can slip into Google Play undetected for long periods of time. If my hunch is correct, these apps would also be in the machine learner\u2019s \u201cgood\u201d group if they made it into Google Play.<\/p>\n<h3>Clickers, too<\/h3>\n<p>Another concern is the more malicious Trojan.Clicker. This malware simply \u201cclicks\u201d on ad websites in the background repeatedly to gain revenue. The simplicity of the code makes it difficult to detect. Malicious clicker apps have been known to <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2016\/06\/trojan-clickers-gaze-cast-upon-google-play-store\/\" rel=\"noopener\">slip into Google Play<\/a>.<\/p>\n<h3>Kudos to Google<\/h3>\n<p>I, for one, am very happy to see Google taking more steps to keep users safe. Concerning machine learning, the more data you have, the better it will be at detecting. Google has an abundance of data, which gives me high hopes of its abilities.<\/p>\n<p>As a malware researcher, should I start beefing up my resume to find a new field now that Google is on the case? Not likely, as malware authors have always found, and always will find, ways around detection. 
The new scanner will indeed help things, but it certainly isn&#8217;t a stop-all for mobile malware. Trust me, if I could retire from the mobile malware industry to a less stressful job as a goat herder, knowing the world is safe, I would. Until then, stay safe out there.<\/p>\n<p><em>Nathan Collier<\/em><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/08\/mobile-menace-monday-implications-google-play-protect\/\">Mobile Menace Monday: Implications of Google Play Protect<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/08\/mobile-menace-monday-implications-google-play-protect\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Mon, 28 Aug 2017 17:00:21 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/08\/mobile-menace-monday-implications-google-play-protect\/' title='Mobile Menace Monday: Implications of Google Play Protect'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/08\/FeaturedImage_Implications-of-Google-Play-Protect.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Along with the recent release of Google\u2019s new OS Android 8.0 Oreo, they also released a new security suite known as Google Play Protect.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/mobile\/\" rel=\"category tag\">Mobile<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/google\/\" rel=\"tag\">Google<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/malware-scanner\/\" rel=\"tag\">malware scanner<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mobile-malware\/\" rel=\"tag\">mobile malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/play-protect\/\" rel=\"tag\">play protect<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/08\/mobile-menace-monday-implications-google-play-protect\/' title='Mobile Menace Monday: Implications of Google Play Protect'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/08\/mobile-menace-monday-implications-google-play-protect\/\">Mobile Menace Monday: Implications of Google Play Protect<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,4503,1670,13132,10554,11255,13133],"class_list":["post-8954","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-cybercrime","tag-google","tag-malware-scanner","tag-mobile","tag-mobile-malware","tag-play-protect"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8954"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8954\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}